Skip to main content

On This Page

Agentproto 0.5.0: Credential Broker, Sandboxes, and Cost Accounting That Refuses to Lie

2 min read
Share

These articles are AI-generated summaries. Please check the original sources for full details.

agentproto 0.5.0 — credentials, sandboxes, and cost accounting that refuses to lie

Agentproto released version 0.5.0 on July 8, 2026, shipping six new packages alongside the existing ecosystem of orchestration tools for AI agents. The release introduces a credential broker that never exposes secrets to environment variables or config files.

Why This Matters

The gap between ideal agent autonomy and production reality is bridged by practical infrastructure: secrets silently leaking through env vars or child-MCP configurations represent a class of vulnerability that current SDKs ignore at scale. Agentproto’s credential broker resolves headers at spawn time via an mcp-header secret exposure variant—secrets never touch env or config—and its per-session cost tags explicitly report ‘no-pricing’ when the model isn’t in the LLM catalog rather than fabricating a confident wrong number.

Key Insights

  • AIP-50 device-code flow (RFC 8628) implemented end-to-end in @agentproto/[email protected]; three CredentialStore backends (Keychain, Memory, File) support silent refresh before expiry.
  • @agentproto/[email protected] defines the AIP-36 SandboxProvider interface; @agentproto/[email protected] provides the first concrete implementation supporting boot/connect/pause/stop lifecycle with reconnect via provider.connect().
  • @agentproto/eval ships four deterministic scorers (exact-match regex-match json-schema-valid latency-budget) plus vendor-neutral LLM judge injection via JudgeFn; no LLM SDK bundled.
  • ‘source’ tag on deriveSessionUsage reports four states: adapter (real cost), computed (tokens priced from catalog), no-pricing (model unknown—price not invented), none (nothing measured); designed to avoid misleading dashboards.

Working Examples

Credential broker usage example showing header resolution without env exposure.

import { CredentialBroker, KeychainStore, getAuthProvider } from "@agentproto/auth"

const broker = new CredentialBroker({
store: new KeychainStore(),
getProvider: getAuthProvider,
})

// → { Authorization: "Bearer <token>" }, refreshed silently when stale.
const headers = await broker.resolveHeaders({ path: "guilde" })

Eval harness usage showing vendor-neutral LLM judge injection.

import { runEval, llmJudge,bindScorer}from"@agentproto/eval"

const report=await runEval({
id:"summarise-suite",
cases:[{id:"c1",input:longDoc,
expected:"concise summary"}],
scorers:[bindScorer(llmJudge({
id:"quality",
judge:myAgentJudge,// any async fn satisfying JudgeFn
criteria:"Accurate concise no hallucinations?",
mapOutput:({output})=>output,
}))],},{
target:async(doc)=>summarise(doc)
})

Practical Applications

References:

  • From internal analysis

Continue reading

Next article

react-hook-lab Hardens CI/CD Pipeline by Moving AI Prompts to Secure Environment Variables

Related Content